Attribute *a, *aoc;
ObjectClass *oc;
int i;
- int ret;
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
int extensible = 0;
- if( !global_schemacheck ) return LDAP_SUCCESS;
-
*text = textbuf;
+ /* check single-valued attrs for multiple values */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ /* there should be at least one value */
+ assert( a->a_vals );
+ assert( a->a_vals[0] != NULL );
+
+ /* if single value type, check for multiple values */
+ if( is_at_single_value( a->a_desc->ad_type ) &&
+ a->a_vals[1] != NULL )
+ {
+ char *type = a->a_desc->ad_cname.bv_val;
+
+ snprintf( textbuf, textlen,
+ "attribute '%s' cannot have multiple values",
+ type );
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
+ "entry_schema_check: dn=\"%s\" %s\n",
+ e->e_dn, textbuf ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s), %s\n",
+ e->e_dn, textbuf, 0 );
+#endif
+
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+ }
+
+ if( !global_schemacheck ) return LDAP_SUCCESS;
+
/* find the object class attribute - could error out here */
if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) {
#ifdef NEW_LOGGING
return LDAP_SUCCESS;
}
- /* optimistic */
- ret = LDAP_SUCCESS;
-
/* check that each attr in the entry is allowed by some oc */
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
- ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals );
- if ( ret != 0 ) {
- char *type = a->a_desc->ad_cname->bv_val;
+ int ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals );
+ if ( ret != LDAP_SUCCESS ) {
+ char *type = a->a_desc->ad_cname.bv_val;
snprintf( textbuf, textlen,
"attribute '%s' not allowed",
e->e_dn, textbuf, 0 );
#endif
- break;
+ return ret;
}
}
- return( ret );
+ return LDAP_SUCCESS;
}
static char *
}
/* not there => schema violation */
if ( a == NULL ) {
- return at->sat_cname;
+ return at->sat_cname.bv_val;
}
}
#ifdef NEW_LOGGING
LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
- "oc_check_allowed: type \"%s\"\n", at->sat_cname ));
+ "oc_check_allowed: type \"%s\"\n", at->sat_cname.bv_val ));
#else
Debug( LDAP_DEBUG_TRACE,
"oc_check_allowed type \"%s\"\n",
- at->sat_cname, 0, 0 );
+ at->sat_cname.bv_val, 0, 0 );
#endif
/* always allow objectClass attribute */
- if ( strcasecmp( at->sat_cname, "objectClass" ) == 0 ) {
+ if ( strcasecmp( at->sat_cname.bv_val, "objectClass" ) == 0 ) {
return LDAP_SUCCESS;
}
-
/*
* All operational attributions are allowed by schema rules.
*/
projects / openldap / blobdiff